Add function to test artefact republish permissions when viewing views

aad91c23 · Richard Mansfield · c54107c6 · aad91c23 · aad91c23 · aad91c23
Commit aad91c23 authored Jul 08, 2008 by Richard Mansfield
3 changed files
--- a/htdocs/artefact/file/blocktype/image/lib.php
+++ b/htdocs/artefact/file/blocktype/image/lib.php
@@ -41,7 +41,7 @@ class PluginBlocktypeImage extends PluginBlocktype {
    }

    public static function render_instance(BlockInstance $instance) {
-        require_once(get_config('docroot') . 'artefact/lib.php');
+        //require_once(get_config('docroot') . 'artefact/lib.php');
        $configdata = $instance->get('configdata'); // this will make sure to unserialize it for us
        $configdata['viewid'] = $instance->get('view');

@@ -49,7 +49,8 @@ class PluginBlocktypeImage extends PluginBlocktype {
        // render_self
        $result = '';
        if (isset($configdata['artefactid'])) {
-            $image = artefact_instance_from_id($configdata['artefactid']);
+            //$image = artefact_instance_from_id($configdata['artefactid']);
+            $image = $instance->get_artefact_instance($configdata['artefactid']);

            if ($image instanceof ArtefactTypeProfileIcon) {
                $src = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&id=' . $configdata['artefactid'];

--- a/htdocs/blocktype/lib.php
+++ b/htdocs/blocktype/lib.php
@@ -640,6 +640,26 @@ class BlockInstance {
        }
    }

+
+    /** 
+     * Get an artefact instance, checking republish permissions
+     */
+    public function get_artefact_instance($id) {
+        require_once(get_config('docroot') . 'artefact/lib.php');
+        $a = artefact_instance_from_id($id);
+        $viewowner = $this->get_view()->get('owner');
+        $group = $a->get('group');
+        if ($viewowner && $group) {
+            // Only group artefacts can have artefact_access_role & artefact_access_usr records
+            if (!count_records_sql("SELECT COUNT(ar.can_republish) FROM {artefact_access_role} ar
+                INNER JOIN {group_member} g ON ar.role = g.role
+                WHERE ar.artefact = ? AND g.member = ? AND g.group = ? AND ar.can_republish = 1", array($a->get('id'), $viewowner, $group))
+                and !record_exists('artefact_access_usr', 'usr', $viewowner, 'artefact', $a->get('id'), 'can_republish', 1)) {
+                throw new ArtefactNotFoundException(get_string('artefactnotpublishable', 'mahara', $id, $this->get_view()->get('id')));
+            }
+        }
+        return $a;
+    }
 }



--- a/htdocs/lang/en.utf8/mahara.php
+++ b/htdocs/lang/en.utf8/mahara.php
@@ -483,6 +483,7 @@ $string['noeditpermission'] = 'You do not have permission to edit this artefact'
 $string['Permissions'] = 'Permissions';
 $string['republish'] = 'Publish';
 $string['view'] = 'View';
+$string['artefactnotpublishable'] = 'Artefact %s is not publishable in view %s';

 $string['belongingto'] = 'Belonging to';
 $string['allusers'] = 'All users';